ssh authorized_keys bypasses security?
From: Jem Berkes (jb2002_padding_@pc9.org)Date: 07/08/02
- Next message: Tim Haynes: "Re: IPChains vs Stateful inspection"
- Previous message: Jan Schubert: "Re: Q: Routing with iptables"
- Next in thread: Tim Haynes: "Re: ssh authorized_keys bypasses security?"
- Reply: Tim Haynes: "Re: ssh authorized_keys bypasses security?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Jem Berkes <jb2002_padding_@pc9.org> Date: Mon, 08 Jul 2002 16:03:24 GMT
Perhaps somebody can help clarify something for me, regarding OpenSSH's
authorized_keys file. There are several PCs on my network which back up
their data to one linux host using rsync over ssh. On each client I used
ssh-keygen to produce a key pair, and inserted the public key of each into
the .ssh/authorized_keys file on a certain linux account.
So the net result is that several hosts gain access to one account on the
server, and none of them need to know the account password. This seems to
be completely bypassing the linux server's user authentication system --
are there additional risks resulting from this that I haven't seen?
-- Jem Berkes Student IEEE (Canada)http://www.pc-tools.net/ Windows, Linux & UNIX software
- Next message: Tim Haynes: "Re: IPChains vs Stateful inspection"
- Previous message: Jan Schubert: "Re: Q: Routing with iptables"
- Next in thread: Tim Haynes: "Re: ssh authorized_keys bypasses security?"
- Reply: Tim Haynes: "Re: ssh authorized_keys bypasses security?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
